Re: Rejecting weak passwords

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Dave Page <dpage@pgadmin.org>, Marko Kreen <markokr@gmail.com>, Albe Laurenz <laurenz.albe@wien.gv.at>, Andrew Dunstan <andrew@dunslane.net>, mlortiz <mlortiz@uci.cu>, Magnus Hagander <magnus@hagander.net>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-14T17:48:45Z
Lists: pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes:
> On Wed, Oct 14, 2009 at 12:25 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Let's see you do that (hint: "CREATD USER ... PASSWORD" is going to
>> throw a syntax error before you realize there's anything there that
>> might need to be protected).

> It seems to me incredibly rare for anyone to issue a manual CREATE
> USER command with an encrypted password.  And if it is generated by a
> script, it will presumably not have a trivial typographical error.

Uh, this discussion was about cleartext passwords?

			regards, tom lane